How to throttle login attempts in Java webapp?
Posted by Jörn Zaefferer on Stack Overflow
Published on 2009-01-19T13:33:23Z
Indexed on 2010/04/10 14:53 UTC
I want to implement an efficient mechanism to throttle login attempts in my Java web application, to prevent brute-force attacks on user accounts.
Jeff explained the why, but not the how.
Simon Willison showed an implementation in Python for Django. That doesn't really help me along, as I can't use memcached or Django.
Porting his ideas from scratch doesn't seem like a great idea either - I don't want to reinvent the wheel.
I found one Java implementation, though it seems rather naive: instead of an LRU cache, it just clears all entries after 15 minutes.
EHCache could be an alternative for memcached, but I don't have any experience with it and don't really want to introduce yet another technology if there are better alternatives for this task.
So, what's a good way to implement login throttling in Java?
© Stack Overflow or respective owner
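An added example, not part of the original question nor of any implementation it mentions: a plain-JDK sketch of the two properties the question contrasts, per-key expiry instead of clearing every entry at once, and an LRU bound on memory. The class name `LoginThrottle`, its method names and the limits in `main` are assumptions chosen for illustration; only the 15-minute window comes from the question.

```java
import java.util.LinkedHashMap;
import java.util.Map;
/** Hypothetical in-memory login throttle (added example): per-key window plus LRU cap. */
public class LoginThrottle {
    private static final class Attempts { int failures; long windowStart; }
    private final int maxFailures;
    private final long windowMillis;
    private final Map<String, Attempts> entries;

    public LoginThrottle(int maxFailures, long windowMillis, final int maxKeys) {
        this.maxFailures = maxFailures;
        this.windowMillis = windowMillis;
        // accessOrder=true keeps least-recently-used keys first; removeEldestEntry
        // evicts them once maxKeys is exceeded, so memory stays bounded.
        this.entries = new LinkedHashMap<String, Attempts>(16, 0.75f, true) {
            @Override protected boolean removeEldestEntry(Map.Entry<String, Attempts> eldest) {
                return size() > maxKeys;
            }
        };
    }

    /** True while the key (username or client IP) has used up its failures for the window. */
    public synchronized boolean isBlocked(String key, long now) {
        Attempts a = entries.get(key);
        if (a == null) return false;
        if (now - a.windowStart < windowMillis) return a.failures >= maxFailures;
        entries.remove(key); // window over: expire this key only, not the whole table
        return false;
    }

    /** Call after a failed password check. */
    public synchronized void recordFailure(String key, long now) {
        Attempts a = entries.get(key);
        if (a == null || now - a.windowStart >= windowMillis) {
            a = new Attempts(); // first failure, or previous window expired
            a.windowStart = now;
            entries.put(key, a);
        }
        a.failures++;
    }

    public synchronized void recordSuccess(String key) { entries.remove(key); } // after a good login

    public static void main(String[] args) { // constructed demo values
        LoginThrottle t = new LoginThrottle(3, 15 * 60 * 1000L, 10000);
        for (int i = 0; i < 3; i++) t.recordFailure("alice", 0L);
        System.out.println("after 3 failures: blocked=" + t.isBlocked("alice", 1000L));
        System.out.println("after 15 minutes: blocked=" + t.isBlocked("alice", 15 * 60 * 1000L));
    }
}
```

Because eviction drops the least-recently-used key, `maxKeys` should sit well above the number of keys expected to be failing at once, otherwise a flood of distinct keys can push a blocked entry out before its window ends. The state lives in one JVM, so a clustered deployment needs a shared store to enforce the same limit across nodes.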